diff --git a/content-type.patch b/content-type.patch
new file mode 100644
index 0000000..7b8b54a
--- /dev/null
+++ b/content-type.patch
@@ -0,0 +1,36 @@
+commit 040a1ae5cb2aab38b2bc716cc3d0d6fa7b998a7a
+Author: John Dennis
+Date: Mon Jan 16 09:02:06 2017 -0500
+
+ Use ap_set_content_type() to set "Content-Type" header
+
+ Formerly we were setting the response header "Content-Type" in
+ r->headers_out directly via the apr_table_setn() call. Although using
+ apr_table_setn() is appropriate for many HTTP headers Apache actively
+ manages a small set of headers in
+ http_filters.c:ap_http_header_filter(). These managed headers are
+ derived from values maintained in the request_rec. "Content-Type" is
+ one of the managed headers.
+
+ Because we didn't set r->content_type field via the
+ ap_set_content_type() call and instead directly updated the
+ r->headers_out table our value for "Content-Type" was overwriten when
+ the ap_http_header_filter() was run just prior to emitting the
+ response with the result the "Content-Type" header returned to the
+ client was incorrect.
+
+ Signed-off-by: John Dennis
+
+diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
+index a55828a..25365de 100644
+--- a/auth_mellon_handler.c
++++ b/auth_mellon_handler.c
+@@ -2655,7 +2655,7 @@ static int am_set_authn_request_post_content(request_rec *r, LassoLogin *login)
+ */
+ static int am_set_authn_request_paos_content(request_rec *r, LassoLogin *login)
+ {
+- apr_table_setn(r->headers_out, "Content-Type", MEDIA_TYPE_PAOS);
++ ap_set_content_type(r, MEDIA_TYPE_PAOS);
+ ap_rputs(LASSO_PROFILE(login)->msg_body, r);
+
+ return OK;
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
index d30d1ab..165d7f4 100644
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
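Review bot: In the embedded auth_mellon_handler.c hunk, `ap_rputs(LASSO_PROFILE(login)->msg_body, r);` runs with no visible check that lasso actually produced a message body, so a NULL `msg_body` would likely crash the worker while it serves an authentication request. Unless the caller already guarantees a body, a guard such as `if (LASSO_PROFILE(login)->msg_body == NULL) return HTTP_INTERNAL_SERVER_ERROR;` placed before the `ap_set_content_type()` call would fail closed. The commit message explains that Apache regenerates "Content-Type" from the request_rec, so any other place in the module that still writes "Content-Type" into `r->headers_out` would be affected the same way; the hunk header names the sibling `am_set_authn_request_post_content`, whose body is not shown here, and it is worth checking. The function's closing brace lies outside the hunk.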
@@ -1,7 +1,7 @@ Summary: A SAML 2.0 authentication module for the Apache Httpd Server Name: mod_auth_mellon Version: 0.12.0 -Release: 3%{?dist} +Release: 4%{?dist} Group: System Environment/Daemons Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: auth_mellon.conf @@ -20,6 +20,7 @@ Requires: lasso >= 2.5.0 Url: https://github.com/UNINETT/mod_auth_mellon Patch1: enabled_in_check_uid.patch +Patch2: content-type.patch %description @@ -30,6 +31,7 @@ received in assertions generated by a IdP server. %prep %setup -q -n %{name}-%{version} %patch1 -p1 +%patch2 -p1 %build export APXS=%{_httpd_apxs} @@ -71,6 +73,9 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name} %dir /run/%{name}/ %changelog +* Tue Jan 17 2017 John Dennis - 0.12.0-4 +- Resolves: bug #1414019 Incorrect PAOS Content-Type header + * Mon Jan 9 2017 John Dennis - 0.12.0-3 - bump release for rebuild